Honeypots mailing list archives
WG: Honeyd on Win32
From: "Heidecker, Dagmar" <Dagmar.Heidecker () ntx at>
Date: Tue, 9 Mar 2004 21:09:19 +0100
Thank you for your answer! I do not think that I have a VMWare problem as I disabled all adapters except the one I use. I downloaded the new file and cannot see any difference. Still the intf_get: no such device or address error. What's about disabling all hidden network devices (e.g. wan miniport for pptp) or qos-packet scheduler? By the way: There is still an error in the nmap.prints file. Honeyd reports "Impossible SI range in Class fingerprint "Windows NT 4 SP3"". I removed that section from the file and the error disappeared. Dagmar ________________________________ Von: Michael A. Davis [mailto:mike () datanerds net] Gesendet: Di 09.03.2004 04:38 An: honeypots () securityfocus com Betreff: RE: Honeyd on Win32 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 No money is needed. A new version of honeyd-0.5 for win32 is available at: http://www.datanerds.net/~mike/binaries/honeyd-0.5-win32.zip I the new zip file should be posted to the SecurityProfiling (http://www.securityprofiling.com) website in the morning. This zip file contains a new binary which should fix the issues with VMWare. Please let me know how it goes. Michael A. Davis
-----Original Message----- From: Roger A. Grimes [mailto:roger () banneretcs com] Sent: Monday, March 08, 2004 5:13 PM To: Heidecker, Dagmar; honeypots () securityfocus com Subject: Re: Honeyd on Win32 That's the error message of the day. Several of us have been asking for help with over the last few weeks, and it hasn't been solved. Michael, can we offer money to get you to trace this one? Roger ************************************************************** ************** **** *Roger A. Grimes, Computer Security Consultant *CPA, MCSE:Security (NT/2000/2003/MVP), CNE (3/4), A+ *email: roger () banneretcs com *cell: 757-615-3355 *Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly *http://www.oreilly.com/catalog/malmobcode *Author of upcoming Honeypots for Windows (Apress) ************************************************************** ************** ***** ----- Original Message ----- From: "Heidecker, Dagmar" <Dagmar.Heidecker () ntx at> To: <honeypots () securityfocus com> Sent: Monday, March 08, 2004 4:59 AM Subject: Honeyd on Win32 Hi! I downloaded honeyd for win32 and installed Winpcap 3.0 beta. I disabled all network devices (including vmware network devices) except one, rebootet the machine and tried to run Honeyd with the command: honeyd -d -f honeyd.conf I use an easy configuration file for honeyd.conf : ### Windows computers create windows set windows personality "Windows NT 4.0 Server SP5-SP6" set windows default tcp action reset set windows default udp action reset add windows tcp port 80 open add windows tcp port 139 open add windows tcp port 137 open add windows udp port 137 open add windows udp port 135 open set windows uptime 3284460 bind 192.168.2.201 windows 192.168.2.201 is not ont the same subnet like my "real" IP address. The error message I get is: intf_get: no such device or address I tried different virtual IP addresses, I tried to add the device (-i eth0, IP address etc.) to the command. What else can I do? Thank you for your help! Dagmar
-----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQE08Odo69WASbsMmEQIKFwCg7gi2z2l9mOHFhxqsTfyM8YjRoVMAniZi V3u3LG0yEhpN8vLG1AGGpLd4 =jmaY -----END PGP SIGNATURE-----
Current thread:
- WG: Honeyd on Win32 Heidecker, Dagmar (Mar 11)